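# $OpenBSD: agent-getpeereid.sh,v 1.8 2017/01/06 02:51:16 djm Exp $
# Placed in the Public Domain.
#
# Regression test: an ssh-agent must refuse clients running under a different
# uid, even when the socket's file mode has been loosened. The script starts
# an agent on ${OBJ}/agent, sets the socket to mode 644, checks that the
# invoking user can still query it, then repeats the query as ${UNPRIV} via
# sudo/doas and expects that attempt to fail.
#
# Relies on names supplied by the surrounding test harness: config_defined,
# trace, fail, OBJ, SSHAGENT, SSHADD and SUDO.

tid="disallow agent attach from other uid"

UNPRIV=nobody
ASOCK="${OBJ}/agent"
# Placeholder until the agent's own output is eval'ed below.
SSH_AUTH_SOCK=/nonexistent

# The agent can only identify its peer where one of these interfaces exists.
if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
	:
else
	echo "skipped (not supported on this platform)"
	exit 0
fi

# Start from a known-empty flag so a value inherited from the caller's
# environment cannot select the sudo invocation when SUDO is doas.
sudo=
case "x$SUDO" in
	xsudo) sudo=1;;
	xdoas) ;;
	x)
		# Exits 0: without a privilege-switching helper the uid check is
		# not exercised at all.
		echo "need SUDO to switch to uid $UNPRIV"
		exit 0 ;;
	*)
		echo "unsupported $SUDO - \"doas\" and \"sudo\" are allowed"
		exit 0 ;;
esac

trace "start agent"
# The eval'ed text comes from the agent binary under test and sets
# SSH_AUTH_SOCK for the commands below. SSHAGENT/SSHADD are left unquoted;
# presumably the harness may supply a command plus arguments - confirm.
eval `${SSHAGENT} -s -a "${ASOCK}"` > /dev/null
r=$?
if [ "$r" -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	# Loosen the socket mode so the file permissions are not the only
	# barrier between ${UNPRIV} and the agent.
	# NOTE(review): where socket file modes are enforced, connect() needs
	# write permission, so with 644 the unprivileged attempt may be turned
	# away by the filesystem before the agent's peer-uid check is reached -
	# confirm the test exercises the intended path.
	chmod 644 "${SSH_AUTH_SOCK}"

	# Same-uid baseline: 1 is ssh-add's status for a reachable agent that
	# holds no identities.
	${SSHADD} -l > /dev/null 2>&1
	r=$?
	if [ "$r" -ne 1 ]; then
		fail "ssh-add failed with $r != 1"
	fi
	if test -z "$sudo" ; then
		# doas: -n fails instead of prompting for a password
		${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
	else
		# sudo: -S reads the password from stdin, which is /dev/null,
		# so it cannot block on a prompt
		< /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
	fi
	r=$?
	# Any status >= 2 counts as "access refused".
	# NOTE(review): stderr is discarded, so a failure unrelated to the
	# uid check (for example ${UNPRIV} being unable to execute ${SSHADD})
	# would look the same if it also yields a status >= 2 - confirm.
	if [ "$r" -lt 2 ]; then
		fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
	fi

	trace "kill agent"
	${SSHAGENT} -k > /dev/null
fi

rm -f "${OBJ}/agent"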